Attempts to connect to Axway SFTP server result in publickey auth loopin

Darren Tucker dtucker at
Fri Feb 23 23:31:47 AEDT 2018

On 23 February 2018 at 23:07, Philipp Marek <philipp at> wrote:
>> +       struct identity *sent_signed_id;
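Review bot: the added sent_signed_id member is a bare struct identity pointer with no comment on what it points at or how long it stays valid. Add a one-line comment stating its owner and lifetime, and set it back to NULL wherever the identity it refers to is released, so that a later reply cannot act on a stale pointer.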
> What happens if the server is configured to allow two different SSH keys?
> Wouldn't that then cycle between these two?

I don't think so.  I think once both have succeeded neither will be
sent and it'll drop through to "we did not send a packet, disable
method" and either move to the next method or fail if there are no

sent_signed_id is used to track the key that was just used to sign the
challenge from the server.  The state of the keys is stored in a list
of Identity structures.

When the reply comes back after setting sent_signed_id there are 3 cases:
 - failure: no change in behaviour.  (maybe it should null out
   sent_signed_id, although it should be set again before ever being
 - partial success: we mark id->tried with IDENTITY_SUCCESSFUL.  The
   non-zero value stops it from being sent again.
 - complete success: ssh_userauth2 immediately cleans up the identities.
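
A simplified model of the bookkeeping described in this message, added here as an illustration; it is not code from OpenSSH or from the patch under discussion. The value of IDENTITY_SUCCESSFUL, the helper names, MAX_ROUNDS, the server that answers every signed request with partial success, and the reset of unmarked keys on partial success are assumptions of the model.

```c
#include <stdio.h>
#define IDENTITY_SUCCESSFUL 0x1000 /* constructed value; the post only says non-zero */
#define MAX_ROUNDS 16              /* model-only cap so that looping is observable */
struct identity { int tried; };    /* per-key state */
struct authctxt {
	struct identity ids[2];          /* two keys, both acceptable to the server */
	struct identity *sent_signed_id; /* key that signed the request just sent */
};

/* Send a signed request with the first untried key; 0 means no packet was sent. */
static int send_next(struct authctxt *a)
{
	for (int i = 0; i < 2; i++)
		if (a->ids[i].tried == 0) {
			a->ids[i].tried = 1;
			a->sent_signed_id = &a->ids[i];
			return 1;
		}
	return 0;
}

/* Partial success. Assumed: unmarked keys are reset so the method can be retried. */
static void on_partial_success(struct authctxt *a, int mark)
{
	if (mark && a->sent_signed_id != NULL)
		a->sent_signed_id->tried = IDENTITY_SUCCESSFUL;
	for (int i = 0; i < 2; i++)
		if (a->ids[i].tried != IDENTITY_SUCCESSFUL)
			a->ids[i].tried = 0;
	a->sent_signed_id = NULL;
}

/* Requests sent before "we did not send a packet", or -1 if MAX_ROUNDS is hit. */
int run_pubkey_method(int mark)
{
	struct authctxt a = { { {0}, {0} }, NULL };
	int sent = 0;
	while (send_next(&a)) {
		if (++sent >= MAX_ROUNDS)
			return -1;
		on_partial_success(&a, mark);
	}
	return sent;
}
int main(void)
{
	printf("marked: %d  unmarked: %d\n", run_pubkey_method(1), run_pubkey_method(0));
	return 0;
}
```

With marking, each of the two keys signs once and the third pass sends nothing, so the method is disabled; without it the model offers the first key again on every round.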

